Field of the Invention
The present invention relates to a one time password generation device and an authentication method using the same, and more particularly, to a one time password generation device and an authentication method using the same that can perform user authentication by generating a one time password in order to input a password having different lengths and values every time using a terminal.
Description of the Related Art
In general, a user authentication system is a system that authenticates a user by inputting Identification (ID) and a password designated by a user.
In such a conventional user authentication system, because user authentication should be performed with a fixed password, when a terminal is hacked or when a password is exposed to the outside, damage such as user personal information leakage occurs and because a password should be periodically changed, there is a problem that user inconvenience is caused.
Further, a conventional One Time Password (OTP) performs user authentication using a one time password of randomly generated random numbers, and because a user should use an OTP token, which is hardware that generates a one time password, a cost for purchasing a separate device increase, and the user should carry the OTP token and thus there is a problem that the user cannot conveniently use the OTP token.
In addition, in a biometrics method for user authentication, there is a problem that much cost occurs in constructing a system.
A conventional authentication system determines whether one or two authentication information submitted by a user corresponds with user authentication information in which the user previously stores, and when a corresponding authentication element is exposed or leaked to another person, or is deprived by another person, there is a problem that authentication information cannot determine an illegal user. Further, it becomes a final object target of hacking that a hacker (illegal user) successfully deprives authentication information, and the authentication information becomes a main attack target of the hacker, and when one or two authentication information submitted by the user is deprived by the hacker, the hacker having corresponding authentication information may illegally use personal information of another person and thus due to a weak point and a harmful effect of a single authentication system, a security problem occurs and damage rapidly increases.
In a method and system for registering and authenticating a one time password having reinforced voluntariness disclosed in Korean Patent No. 1,204,980, a one time password is generated using a session key, an initial value, and the login number of an OTP terminal, but there is a problem that a separate OTP terminal should be provided.
In a user authentication method of using a plurality of one time passwords disclosed in Korean Patent No. 1,272,349, a smart device registered as a mobile OTP device generates a plurality of one time passwords to output each one time password to a display unit and thus another person may be prevented from illegally using a one time password, and when the one time password is used or when a predetermined time has elapsed, by immediately discarding the one time password, hacking can be prevented and damage according to multiple access can be prevented, but there is a problem that a separately registered OTP terminal should be provided and authentication should be performed.
In a device and method for generating a one time password using a virtual input means disclosed in Korean Patent No. 1,359,874, because a length of a password cannot be changed, a research for a one time password generation device that can change a length of a password is requested.